summaryrefslogtreecommitdiff
blob: 4c5d2b29cf7fbf8c358278510a4a25662f0d221f (plain)
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
Check chdir() on chroot() syscalls (and similar) as chroot without proper
chdir() allows to escape from changed root.

http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=597382
http://sourceforge.net/tracker/?func=detail&aid=3095679&group_id=80387&atid=559616

--- mingetty-1.08/mingetty.c
+++ mingetty-1.08/mingetty.c
@@ -422,12 +422,21 @@
 		while ((logname = get_logname ()) == 0)
 			/* do nothing */ ;
 
-	if (ch_root)
-		chroot (ch_root);
-	if (ch_dir)
-		chdir (ch_dir);
-	if (priority)
-		nice (priority);
+	if (ch_root) {
+		if (chroot (ch_root))
+			error ("chroot(\"%s\") failed: %s", ch_root, strerror (errno));
+		if (chdir("/"))
+			error ("chdir(\"/\") failed: %s", strerror (errno));
+	}
+	if (ch_dir) {
+		if (chdir (ch_dir))
+			error ("chdir(\"%s\") failed: %s", ch_dir, strerror (errno));
+	}
+	if (priority) {
+		errno = 0; /* see the nice(2) NOTES for why we do this */
+		if ((nice (priority) == -1) && (errno != 0))
+			error ("nice(%d) failed: %s", priority, strerror (errno));
+	}
 
 	execl (loginprog, loginprog, autologin? "-f" : "--", logname, NULL);
 	error ("%s: can't exec %s: %s", tty, loginprog, strerror (errno));